RSA Says SecurID Hack Based On Phishing With Flash 0-Day

Trailrunner7 writes "RSA confirmed on Friday that the attack that compromised the company's high-value SecurID product was essentially a small, targeted phishing campaign that included a payload of a malicious Flash object embedded in an Excel file."
  • by 93 Escort Wagon ( 326346 ) on Saturday April 02, 2011 @04:04AM (#35692492)

    Dear RSA; speaking as a customer; we need a simple answer to the question [zdnet.com.au]:

    has the securid seeds database been compromised?

    anything else you announce is fluff.

    We use a LOT of SecurID tokens at our university, and the group that manages them has been way too quiet since this happened. But today they sent an email out - no mention of the RSA breach, just that they have decided to "retire the SecurID tokens early to save money" and are replacing them with a different product.

    So I'm guessing they think the seeds database has been compromised.

  • Re:And ActiveX (Score:4, Informative)

    by LO0G ( 606364 ) on Saturday April 02, 2011 @11:10AM (#35693546)

    Ok, this gets on my nerves. ActiveX is a plugin framework. It is *exactly* the same as Mozilla's XPCOM. Both XPCOM and ActiveX carry the exact same set of vulnerabilities. There are only two differences between ActiveX controls and NPAPI plugins:
    1) NPAPI plugins are typically only hosted on mozilla.com. ActiveX controls can be hosted on any site.
    2) ActiveX controls are required to be digitally signed. NPAPI plugins aren't.

    The Wikipedia page on NPAPI [wikipedia.org] does a good job of describing the similarities.

    So don't blame ActiveX - blame the plugins. This attack could have been mounted against Firefox (after all, it used a *Flash* vulnerability and, last I heard, Flash was available for Firefox).
